In recent years, road vehicle-to-vehicle communication services have widely been used which deliver jam information, security/safety information, etc. from a wireless device installed on the roadside to an in-vehicle wireless device. Improving the accuracy of jam information and security/safety information by transmitting vehicle information from the in-vehicle wireless device to the roadside wireless device in reverse has been discussed. Further, a study of communications between respective vehicles that share jam information and security/safety information on a self-reliant basis by performing communications directly or on a multi-hop basis between the vehicles has also been carried out actively.
As such a wireless communication technology spreads, there is a need to confirm whether a received message is being tampered on a communication channel or whether a malicious person impersonates a message transmitter.
There have heretofore been known several technologies which protect against spoofing, tampering, etc. upon wireless communications and perform safety communications. As one of them, there is known a public key encryption method which performs encryption and decryption using keys different between a message transmitter and a message receiver. In the public key encryption method, keys set as a pair of two keys are used unlike a common key encryption method. One of them is a public key being on public view, and the other thereof is a secret key recognized by the very person alone. The paired keys have a feature that a message encrypted by one of them can be decrypted only by another key. Further, in order to estimate a secret key from a public key and other public information, an immense amount of calculation time is required at an actual computer resource, and high confidentiality can be achieved.
When it is desired to prevent spoofing and tampering by using such a feature, a message sender encrypts a message or its hash value (also called message digest) by a secret key known by the very person alone and transmits it. A receiver having received the message performs decryption of the message or its hash value by using a sender's public key. If it is possible to properly decrypt it by the sender's public key at this time, it is confirmed that the message sender is a person that knows a sender's secret key, i.e., the very person. It is also confirmed from the fact that decryption has properly been done, that tampering has not been performed on a communication channel.
In general, authentication is action for confirming the validity of a target. Message authentication is a procedure for ensuring that a message has not been changed. As methods for this message authentication, there are known a method using a message authentication code (MAC: Message Authentication Code) based on a common key encryption method, and a method using a digital signature based on a public key encryption method. The common key encryption method is an encryption method in which a key used in encryption and a key used in decryption are the same. The public key encryption method is an encryption method for performing encryption using his or her own secret key and performing decryption using a public key opened to the other party as described above.
The message authentication code is, for example, a code obtained by inputting a common key and a message of an arbitrary length to be authenticated to a MAC value generating function as inputs.
The digital signature is, for example, a code obtained by inputting a message (or message digest) of an arbitrary length to be authenticated and a secret key to a signature generating function. The message digest is generated by, for example, passing a message through a one-way hash function.
There has been described in a Patent Document 1, a vehicle-to-vehicle authentication technology using a message authentication code based on a common key encryption method.
There has been described in a Non-Patent Document 1, an ECDSA (electronic signature method using elliptic curve cryptography) as an authentication method using a digital signature based on a public key encryption method.